/* * Load a DSA key from the cert store * In fact, this will load RSA keys as well. */ static EVP_PKEY * __isns_simple_keystore_find(isns_keystore_t *store_base, const char *name, size_t namelen) { isns_simple_keystore_t *store = (isns_simple_keystore_t *) store_base; char *pathname; size_t capacity; EVP_PKEY *result; /* Refuse to open key files with names * that refer to parent directories */ if (memchr(name, '/', namelen) || name[0] == '.') return NULL; capacity = strlen(store->sc_dirpath) + 2 + namelen; pathname = isns_malloc(capacity); if (!pathname) isns_fatal("Out of memory."); snprintf(pathname, capacity, "%s/%.*s", store->sc_dirpath, (int) namelen, name); if (access(pathname, R_OK) < 0) { isns_free(pathname); return NULL; } result = isns_dsasig_load_public_pem(NULL, pathname); isns_free(pathname); return result; }
void buf_free(buf_t *bp) { if (!bp) return; if (bp->allocated) isns_free(bp->base); isns_free(bp); }
static void isns_scn_free(isns_scn_t *scn) { isns_scn_release_funnels(scn); isns_object_release(scn->scn_owner); isns_object_release(scn->scn_entity); isns_attr_release(scn->scn_attr); isns_free(scn->scn_name); isns_free(scn); }
struct isns_config_s * isns_new_config(void) { struct isns_config_s *cfg_p; pthread_mutexattr_t mutexattr; cfg_p = (struct isns_config_s *) isns_malloc(sizeof(struct isns_config_s)); if (cfg_p == NULL) { DBG("isns_new_config: error on isns_malloc() [1]\n"); return NULL; } cfg_p->kq = -1; cfg_p->pipe_fds[0] = -1; cfg_p->pipe_fds[1] = -1; cfg_p->curtask_p = NULL; cfg_p->sd_connected = 0; cfg_p->ai_p = NULL; cfg_p->pdu_in_p = NULL; cfg_p->refresh_p = NULL; pthread_mutexattr_init(&mutexattr); pthread_mutexattr_settype(&mutexattr, ISNS_MUTEX_TYPE_NORMAL); if (pthread_mutex_init(&cfg_p->taskq_mutex, &mutexattr) != 0) { DBG("isns_new_config: error on pthread_mutex_init() [1]\n"); isns_free(cfg_p); return NULL; } pthread_mutexattr_init(&mutexattr); pthread_mutexattr_settype(&mutexattr, ISNS_MUTEX_TYPE_NORMAL); if (pthread_mutex_init(&cfg_p->trans_mutex, &mutexattr) != 0) { DBG("isns_new_config: error on pthread_mutex_init() [2]\n"); pthread_mutex_destroy(&cfg_p->taskq_mutex); isns_free(cfg_p); return NULL; } SIMPLEQ_INIT(&cfg_p->taskq_head); cfg_p->control_thread_p = (pthread_t *)isns_malloc(sizeof(pthread_t)); if (cfg_p->control_thread_p == NULL) { DBG("isns_new_config: error on isns_malloc() [1]\n"); isns_destroy_config(cfg_p); return NULL; } return cfg_p; }
void buf_close(buf_t *bp) { if (bp->write_mode) buf_drain(bp); if (bp->fd >= 0) close(bp->fd); bp->fd = -1; isns_free(bp); }
static void slp_cleanup(void) { char *url = slp_url; slp_url = NULL; if (url) { isns_slp_unregister(url); isns_free(url); } }
/* * Release a policy object */ void isns_policy_release(isns_policy_t *policy) { if (!policy) return; isns_assert(policy->ip_users); if (--(policy->ip_users)) return; isns_assert(policy != &isns_superhero_powers); isns_assert(policy != &isns_flyingpigs_powers); isns_assert(policy != &isns_dweeb_powers); isns_free(policy->ip_name); isns_free(policy->ip_entity); isns_free(policy->ip_dd_default); isns_string_array_destroy(&policy->ip_node_names); isns_free(policy); }
static void isns_scn_release_funnels(isns_scn_t *scn) { isns_scn_funnel_t *funnel; while ((funnel = scn->scn_funnels) != NULL) { scn->scn_funnels = funnel->scn_next; if (funnel->scn_socket) isns_socket_free(funnel->scn_socket); isns_free(funnel); } }
buf_t * buf_open(const char *filename, int flags) { static const unsigned int buflen = 4096; buf_t *bp; int oerr; if (!(bp = isns_calloc(1, sizeof(*bp) + buflen))) return NULL; buf_init(bp, (bp + 1), buflen); switch (flags & O_ACCMODE) { case O_RDONLY: bp->write_mode = 0; break; case O_WRONLY: bp->write_mode = 1; break; default: errno = EINVAL; goto failed; } if (!filename || !strcmp(filename, "-")) { bp->fd = dup(bp->write_mode? 1 : 0); } else { bp->fd = open(filename, flags, 0666); } if (bp->fd < 0) goto failed; return bp; failed: oerr = errno; isns_free(bp); errno = oerr; return NULL; }
static isns_attr_t * __key_to_attr(EVP_PKEY *pkey) { struct __isns_opaque key; isns_value_t value; isns_attr_t *attr = NULL; if (!isns_dsa_encode_public(pkey, &key.ptr, &key.len)) goto out; /* Must pad key. This means we may end up encoding a few * bytes of trash. Oh well. */ key.len = ISNS_PAD(key.len); value = ISNS_VALUE_INIT(opaque, key); attr = isns_attr_alloc(OPENISNS_TAG_POLICY_KEY, NULL, &value); isns_free(key.ptr); out: EVP_PKEY_free(pkey); return attr; }
void isns_destroy_config(struct isns_config_s *cfg_p) { struct isns_task_s *task_p; if (cfg_p != NULL) { if (cfg_p->kq != -1) close(cfg_p->kq); if (cfg_p->pipe_fds[0] != -1) close(cfg_p->pipe_fds[0]); if (cfg_p->pipe_fds[1] != -1) close(cfg_p->pipe_fds[1]); if (cfg_p->control_thread_p != NULL) isns_free(cfg_p->control_thread_p); if (cfg_p->refresh_p != NULL) { if (cfg_p->refresh_p->trans_p != NULL) isns_free_trans(cfg_p->refresh_p->trans_p); isns_free(cfg_p->refresh_p); } /* Free the current task, if necessary. */ if ((task_p = cfg_p->curtask_p) != NULL) { if (task_p->task_type == ISNS_TASK_SEND_PDU) isns_complete_trans(task_p->var.send_pdu.trans_p); isns_free_task(task_p); } /* Empty the task queue of any pending tasks and free them. */ while ((task_p = isns_taskq_remove(cfg_p)) != NULL) { if (task_p->task_type == ISNS_TASK_SEND_PDU) isns_complete_trans(task_p->var.send_pdu.trans_p); isns_free_task(task_p); } pthread_mutex_destroy(&cfg_p->taskq_mutex); pthread_mutex_destroy(&cfg_p->trans_mutex); if (cfg_p->ai_p != NULL) { if (cfg_p->ai_p->ai_canonname != NULL) isns_free(cfg_p->ai_p->ai_canonname); if (cfg_p->ai_p->ai_addr != NULL) isns_free(cfg_p->ai_p->ai_addr); isns_free(cfg_p->ai_p); } isns_free(cfg_p); } }
static int isns_policy_object_type_parse(isns_value_t *vp, const char *buf) { char *copy, *s, *next; int rv = 0; if (!strcasecmp(buf, "ALL")) { vp->iv_uint32 = ~0; return 1; } if (!strcasecmp(buf, "DEFAULT")) { vp->iv_uint32 = ISNS_DEFAULT_OBJECT_ACCESS; return 1; } vp->iv_uint32 = 0; copy = isns_strdup(buf); for (s = copy; s; s = next) { char *perm; int bit, mask = 0; while (1) { unsigned int n; n = strcspn(s, ",+;|"); if (n) { next = s + n; if (*next) *next++ = '\0'; break; } ++n; } mask = ISNS_PERMISSION_READ; if ((perm = strchr(s, ':')) != NULL) { *perm++ = '\0'; mask = 0; while (*perm) { switch (*perm++) { case 'R': case 'r': mask = ISNS_PERMISSION_READ; break; case 'W': case 'w': mask = ISNS_PERMISSION_READ; break; default: goto failed; } } } for (bit = 0; bit < 32; ++bit) { if (policy_object_type_bit_names[bit] && !strcasecmp(policy_object_type_bit_names[bit], s)) goto found; } goto failed; found: vp->iv_uint32 |= ISNS_ACCESS(bit, mask); } rv = 1; failed: isns_free(copy); return rv; }